Phishing Reporter Add-In

Phishing Reporter helps users report suspicious emails for analysis and start an incident investigation with Incident Responder.

To run the Phishing Reporter add-in, make sure you have all the prerequisites of Visual Studio 2010 Tools for Office Runtime.

The main function of Phishing Reporter is to let users easily report suspicious emails to their incident responder. When a user detects a suspicious email, he/she clicks the Suspicious Email Reporter button to report it to the incident responder module for analysis. The platform then investigates this suspicious email either with its own engine or with third-party integrated services. See “How does an investigation mechanism work?”

Benefits to the security operation centre (SOC)

  • It gives the ability to conduct an incident investigation and response without violating the privacy of users.

  • It strengthens the last line of defence by transforming users into “proactive agents” that detect and report attacks.[1]

Benefits to an email user

  • Users report a suspicious email with a single click.

  • It allows a user to send a suspicious email to analysis services and get a risk score.

  • Users receive immediate feedback.

[1] It is a way of proactively involving users to protect the institution’s security by getting employees to report suspicious emails.

Compatibility

This Outlook add-in is compatible with the below version of Outlook

How Does the Add-in Work?

In an Outlook client where the add-in is installed, it works as follows:

  1. When the add-in is opened:

    a. It sends a heartbeat to the server

    b. It gets orders from the server, if there was an investigation or action

  2. When the add-in runs:

    a. It sends the heartbeat to the server periodically [1]

    b. If any order comes from the server, it starts the investigation or action [2]

    c. If an error occurs, it logs the error on the client side and then sends it to our server

  3. When Outlook closes, the add-in closes as well.

[1] The add-in optimizes this process according to network and machine performance by itself.

[2] When conducting the investigation, the add-in optimizes this process according to the computer and the network situation.

Logging Mechanism

The platform's add-in logs all problems and reports them both to the user’s computer (C:\Users\Public\KeepnetLabs\Log) and to the Keepnet server.

In order to resolve the problem, please check the logs.

  • Older Logs: The add-in compresses and archives older logs bigger than 8MB in .zip format.

  • Installer: The add-in keeps the logs generated during installation.

  • Keepnet Outlook Add-in Log: The log file that holds the entries created while the add-in is running.
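
One way to check these logs on an affected machine, as an added example that is not part of the original documentation or Keepnet's own tooling. The folder path and the 8MB archive threshold come from this page; the parameter names, the keyword pattern and the choice to read only the two newest files are assumptions.

```powershell
# Added example: triage of the add-in's client-side log folder.
# From the page: the folder path and the 8MB archive threshold.
# Assumptions: parameter names, the keyword pattern, reading the two newest files.
param(
    [string]$LogDir    = 'C:\Users\Public\KeepnetLabs\Log',
    [int]   $TailLines = 40,
    [string]$Pattern   = 'error|exception|fail'   # assumed keywords; adjust to the real log format
)

if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    Write-Warning "Log folder not found: $LogDir"
    return
}

$files    = @(Get-ChildItem -LiteralPath $LogDir -File -Recurse)
$archives = @($files | Where-Object { $_.Extension -eq '.zip' })
$live     = @($files | Where-Object { $_.Extension -ne '.zip' } |
                Sort-Object LastWriteTime -Descending)

# Inventory: current logs (newest first), then the .zip archives.
($live + $archives) |
    Select-Object Name, LastWriteTime,
        @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 2) } } |
    Format-Table -AutoSize

# A current log above 8MB suggests archiving has not run for it yet.
$live | Where-Object { $_.Length -gt 8MB } | ForEach-Object {
    Write-Warning "$($_.Name) is larger than 8MB and not archived"
}

# Logs used in an investigation are only as reliable as the folder's
# write permissions, so list who can modify them.
(Get-Acl -LiteralPath $LogDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# Recent problem lines from the two most recently written logs.
foreach ($f in ($live | Select-Object -First 2)) {
    "--- $($f.Name) ---"
    Get-Content -LiteralPath $f.FullName -Tail 2000 |
        Select-String -Pattern $Pattern |
        Select-Object -Last $TailLines |
        ForEach-Object { $_.Line }
}
```

The script needs PowerShell 3.0 or later (for `-File` and `-Tail`) and an account that can read the log folder.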

Minimum Computer Specifications

  • Outlook Versions: Outlook 2007/2010/2013/2016

  • CPU Usage: 0% to 5% of CPU

  • RAM Usage: ~120 MB of RAM

  • Disk Usage: 3MB disk space

  • Network Traffic: payload size + http requests size = Approx. 230kbps

Generating Add-in

To get the most up-to-date version of the plugin, open the Incident Response > Outlook Plugin page in the Keepnet cloud interface. You can create an add-in customized according to the following criteria.

Customization

When you have logged in to the Platform, the Outlook Add-in menu helps you prepare custom plugins.

Phishing Reporter Announcement Email Template

To inform your users about the Phishing Reporter Outlook add-in, you can use the following text.
